
Bring Your Own


1 January 2012

That excellent party formula of the recessionary Eighties, ‘Bring Your Own Bottle’, had the nominal social benefit of letting the drinkers of esoteric delights like tequila, cava or prosecco follow their own taste while enjoying the hospitality. A mere side benefit was the fact that the hosts could budget for a relatively modest supply of generic booze. The Bring Your Own Device (BYOD) movement in technology today is certainly similar. Addicts can stay with their own familiar gadgets, application or app set-ups and style of working. Left to their own devices they are generally happier and jollier campers all round and remarkably more sociable.

From the point of view of the employer host, keeping those punters happy is also the priority. But this is not a staff party and discipline is no more affected than business performance was by the relaxation of dress codes or what car you can drive. A welcome exception might be made, of course, for the more recent trend towards delectable décolletage.

There may well be some capital expenditure saving for organisations that would otherwise supply their employees with mobile technology, which of course is welcome. But they will in any event have to pay for or contribute to employees’ expenses in network charges (data roaming is a key issue) while most bring your own tech (BYOT) schemes will include some level of grant towards acquiring or renewing any kit staff are using legitimately for work. The costs of communications and data security will not go away, and the task will arguably be more complex and possibly more expensive if staff are using a wide range of devices.

But the consensus is effectively universal: this is the 20-teens way of working for all but a proportion of manual and location-bound jobs. So organisations will have to accept the inevitable and decide how to plan and manage for it. Just like cloud computing, really, of which the three ‘A’ (Any-time, -where, -device) is a first cousin. It is often referred to as the consumerisation of technology but it is really more like the universalisation of computing and communications technology. Very soon the only real differences between the user-facing end of the whole tech spectrum will be in the levels of security supporting specific systems. Most of that will be at the head end, organisation data centre or cloud, and will be transparent to the user except when there is some snag.

 


In all significant respects this has gone beyond ‘trend’ and is already here, judging by the November report from the Accenture Institute for High Performance, ‘The Consumerisation of Enterprise IT’. Sampling 16 countries on five continents, the research showed that 23% of employees regularly use personal consumer devices and applications for work-related activities. Perhaps more significantly, and suggesting that it is by no means entirely a consumer-led movement, 54% of IT executives and 49% of managers are already doing the same.

"It is clear that all computing, certainly access to corporate as well as consumer applications, is going this way," says Paul Pollock, senior executive in the technology practice of Accenture Ireland. "For the organisation the main problem is security and employer control. A quite wide range of solutions is emerging, for example the idea of a ‘dual persona’ on the device. In other words, there is a set of technology on the smartphone, tablet or laptop that is specific to the owner’s corporate role and another one that is personal. The official side is controlled by the employer, to the level of access denial or even remote deletion. Digital certificates and one-time passwords and so on can be pre-loaded by management. Similarly, instead of pocket tokens we will probably see mobile devices with biometric options."

Corporate data on portable devices is already a serious concern. With separation of the elements, through dual persona, separate SIM cards, virtual machines, ultra-thin clients or other solutions, that element of security concern can be satisfactorily addressed, Pollock says. "Once the device can be remotely purged of any risk when lost or compromised we move on to the more complex challenge of data in transit. While this continues to be a challenge there are many acceptable solutions in communications security, notably encryption."

Encryption is key to the Citrix solution, famously also the ultra-thin client form of computing in which not much more than keystrokes and screen refresh actually happens along the comms link. "Our philosophy and advice is ‘Don’t fight it, feature it’ and we have ourselves embraced BYOT internally," says Martin Kelly, Citrix VP for information technologies, a global role based in Ireland. "In the organisation, BYOT has become part of the movement towards virtualised desktops with the benefits of better control and security yet agility for the enterprise and an increasingly mobile workforce."

In Citrix the three-year-old BYOT programme has achieved the anticipated 20% cost saving internationally despite a 2,000 increase in total staff. It is set to become the default for personal technology this year, tailored to different countries and cultures in terms of local taxation, amount of grant support and other differentiation factors.

The key points are simple, as Kelly sees it. "BYOT is what staff want, not just the general run following the consumer market but senior and responsible technical people and managers. With Citrix Receiver it can be securely managed on all possible devices. The fact that it is a managed service is what makes it possible for organisations with more serious security concerns and regulated sectors."

From the user point of view, Kelly says, the main advice is ‘keep it simple’. "Whatever specific rules you apply to BYOT and mobile computing, the first is always ‘All existing rules apply.’ In fact by ensuring the computing is essentially centralised, the risk management is actually enhanced for remote devices whether they are corporate or personally chosen. Desktop and applications can be immediately provisioned – or withdrawn – and anything potentially compromised can be wiped remotely."

Another technical solution to enabling and managing remote devices is the VMware approach of having a virtual machine (VM) on the device for exclusive corporate use, side by side with the standard functionality for personal tasks. This also reflects the trend towards desktop virtualisation and the fact that all remote and mobile access needs to be securely managed. In that respect there is little difference between BYOT and corporate units except the potential range of devices to be covered.

"It is clear we are now living and working in a post-PC era where all users want and expect to compute and communicate anywhere, anytime and on any device," says Frederik Sjostedt, VMware EMEA director of products and solutions. "People choose and use personal devices based on their most frequent activities, screen or device size and many other factors and features. Smart phones and tablets have extended the range and many people will swap between devices to suit the convenience of the moment."

Behind this apparent complexity or at least diversity, IT still has to deliver much the same requirements of functionality, data access and security, Sjostedt points out. "It can even be suggested that it no longer matters that much whether we are talking about a traditional virtual desktop or mobile devices, corporate or user choice – IT has to take control in order to securely deliver the required functionality."

VMware has taken the ‘dual persona’ side in terms of architecture, with a dedicated corporate VM separate from the device proper and whatever general consumer software it runs. It has partnered with giant mobile carriers Verizon and Telefonica and handset manufacturers Samsung and LG to offer a new generation of Android devices configured ready-to-use for its VMware Horizon Mobile solution. This trend is expected to become standard with smart phones pre-configured for whatever dual purpose solution the purchasers and employers might choose.

As might be expected, Cisco sees this whole movement towards remote computing of all kinds as a network challenge rather than a specific device-related set of issues. "You can start from the recognition that work is no longer something you go to at set hours and where IT will provide you with what you need to do it," says Adam Grennan, head of technical strategy in Cisco Ireland. "We have all been using laptops on the move for years but the two big drivers on the device side have been smart phones and more recently tablets. Add to that the tastes and habits of Generation Y consumers and the whole perception of what we expect from ‘computing’ has been transformed. In business and in practice, on the other hand, what we have been seeing is a top-down push as senior managers grasp the value of smart portable devices for their own use and for enterprise agility."

From the Cisco point of view, all of this depends on our networks, and Grennan points out that the challenge is to internal Wi-Fi as much as to the big mobile carriers. "Smart phones and tablets depend on wireless even in the office, which raises the bandwidth and performance requirements and introduces a new capacity planning imperative. Whether the specific devices are BYOT or corporate does not affect those elements, but in security terms the network may have to be device-aware as part of the overall security architecture."

In Cisco’s terms that means that security policies and rules are built into and in part at least carried out by the network. Identifying the profile or identity of each user device is one element, supported by monitoring of what the user is trying to access or do. "We can automate most of that through our Identity Services Engine, giving converged management of all access, wired or wireless, remote and VPN," says Grennan. "There is also our AnyConnect VPN software, which maintains a secure VPN connection for client devices with minimal necessity for repeated log-on, a common cause of user frustration."

The key overall lesson for organisations, Grennan says, is that whether unmanaged BYOT or managed corporate devices are being used, or increasingly a mix of both, the security perimeters and threat prevention have moved back to the organisation itself. "Our 21st century liberal attitude to how people work has not changed our needs for security of data and communications. But it has raised the technical challenges at the network level even as smart appliances and automation have greatly eased the burden of managing security."

Accepting that ‘device of choice’ is becoming the norm, regardless of who buys it, there is a real and present challenge to all organisations in securely extending the functionality of their systems to all of their users. "There are strategies and solutions in the market such as those from Citrix and VMware, Microsoft Lync and others. More are emerging all the time and software and device vendors are developing platforms to enable the flexible, mobile computing that users want," says Andrew Miller, head of marketing in Unity Technology Solutions. "But right now there are limitations on how and how quickly organisations can move to solutions in their infrastructure, whether large or small."

"We have to understand the new landscape and the different and changing ways in which we consume our essential ICT. We can see, for example, that identity management and authentication are the challenges rather than device specifications." We are still in many respects obsessed at the devices and diversity level, Miller believes, looking at security solutions such as dual persona and encryption and so on.

"At that level the vendors are designing in features to support our new ways of working and the choices of device or who owns it are quickly becoming minor factors. The more serious challenges are at the central, corporate and policy levels. We have to have more powerful and flexible systems of enforcement of our security, access and authorisation rules, which in turn have to be more holistic and nuanced in this new environment."

Mercury Engineering

One of Ireland’s mini-multinationals and services export success stories, Mercury Engineering now has offices in Central and Eastern Europe, the Middle East and North Africa. Mercury will celebrate its 40th anniversary this year with annual sales of over €250 million and more than 1,000 employees. Its proven track record now sees this Irish group involved in major projects overseas ranging from hospitals to data centres to pharmaceutical plants.

"Almost all of our people work on mobile devices, all the time. Even on a long term construction site it may be the only option. We are currently working in Glasgow on what will be possibly the biggest hospital in Europe. It can take up to 30 minutes to get back to the site office from some points, which is why having the very latest drawings always available on their iPads is really essential for the site engineers," explains Derek Mizak, Mercury group IT manager.

Similar factors and practical needs were behind the Mercury policy decision to go with a managed BYOT policy. "Going back maybe five years or so, everything was fairly standard on similar laptops or PCs with a fairly well defined security perimeter and firewalls and so on. But all of that has been overtaken by events and in our case by geography. With different telecoms carriers, computer brands, ISPs and access restrictions and so on, we had to forget ‘standardisation’ as we expanded into locations from Canada to Russia, not to mention Africa. In addition I doubt if we have any users of straightforward ‘mobile phones’ anymore!"

There are two stand-out imperatives for corporate IT today, Mizak believes. "You have to think of yourselves as service providers with a wide spectrum of customers and limited influence over what devices or technology they choose to use. When you do believe IT has to take a firm stand, there are only certain battles you can win and user choice of device is not one of them."

Mercury has adopted Citrix as its solution for both security and performance across the mix of telecoms environments in which its staff work internationally. "Each device simply has to run Citrix Receiver," says Mizak. "That encrypts the data traffic end-to-end while applications and data remain in the data centre. We have a second layer of protection in that users access their systems through an internal portal."

Users do have to work offline from time to time, he acknowledges. "That is beyond direct systems control to a large extent. No matter how smart the systems, the user will always be potentially the weakest link. That is why we place a strong emphasis on user awareness and training in security. Our policy is one of clear guidelines rather than prescriptive rules of what you can or can’t do, reckoning that understanding of the risks is better protection than lists of ‘don’ts’," Mizak says.


TechCentral.ie